Q&A Friday #18: Should Hacking Be A Crime?

by John Hawkins | June 24, 2005 3:54 am

Question: “Should all ‘hacking’ be a crime? Or do you think that some hackers actually do some good.” — Chairman_Mao

Answer: Way back in the day when I ran Brass Knuckles Webzine, I read a couple of books about hackers, read some of the online hacking websites semi-regularly, interviewed a couple of hackers, and even had a hacker on my ICQ list. I certainly wasn’t an expert on the subject (and never did any hacking myself), but I had an opportunity to at least see where some of the hackers were coming from.

Since then, I’ve also had an opportunity to work for an ISP wholesaler, talk to some online security experts, and got a general idea of the sort of problems hacking caused on the other side of the fence.

The truth is that most hackers aren’t doing anyone any good. Sure, you’ll find the occasional white hat hacker who harasses terrorists[1] or finds a vulnerability in a system and quietly informs the people involved of the problem without exploiting or damaging their system, but hackers like that are rare.

×

101 Things All Young Adults Should Know

[2]

by Sir John Hawkins

John Hawkins's book 101 Things All Young Adults Should Know is filled with lessons that newly minted adults need in order to get the most out of life. Gleaned from a lifetime of trial, error, and writing it down, Hawkins provides advice everyone can benefit from in short, digestible chapters.

Buy Now[3]

From what I’ve seen of hackers, most of them are bored teenagers and college age kids who get a thrill out of breaking into systems and maybe doing damage, maybe not. In any case, they’re a huge pain in the butt because once they break in, you have to ASSUME they’re looking to do harm.

It’s like finding out that someone is sneaking into your house. Maybe, they just like to sit on the furniture and watch the TV. In any case, they’re not supposed to be there and in order to keep them out, you may spend countless manhours and piles of money.

This is what a lot of hackers just don’t seem to get: even if they’re not malicious — and that can be a big if — companies may still have to spend tens of thousands of dollars on software, new routers, consulting time, you name it, just to keep them out.

A few years back, the counter to that I’d always see was: “Well, it’s the fault of the people who got hacked for not keeping their security up.” No, no, no. If you leave your wallet — stuffed with cash — in an unlocked car, that’s not a smart thing to do. However, that doesn’t mean it’s OK to steal the cash or even just to get in the car and listen to the radio. It’s not your car; you shouldn’t be there.

So, yeah, I think hackers should be prosecuted, although I do think the costs incurred by the person or company hacked as well as whether the hacker was malicious or not should be taken into account. The sort of hackers who are destroying files, stealing credit card info, creating viruses, and doing denial of service attacks? They deserve jail time as far as I’m concerned. On the other hand, if you’re talking about a first time offender who’s trying out some script online, is non-malicious, and doesn’t do any damage: a slap on the wrist and a stern warning would probably be more appropriate.